-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Minimal Credential Disclosure ex. in Privacy #95
Conversation
Add a use case for a friend of a friend of a friend access control or follower use case. |
proposals/wac-ucr/index.bs
Outdated
blogs have restrictions on who can post to avoid spam. Alice has direct | ||
access to many of them, but they don't all know her under the same | ||
identitfier. Some provide access via social network relationships, such | ||
as being the friend of a friend of the Blog's author. Alice would like to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you want to focus on FoF based scenarios, I would suggest to focus this Use case on that and clarify details around how storage server can or can not access information around friendships.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wrote up a use case for giving comment access to extended social network that should help with reworking this issue. a4eb4ac
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree - this one feels more specific to a FoF than related to minimal credential disclosure. I think this should focus on the FoF case since the minimal disclosure is covered well in uc-minimalcredentials
proposals/wac-ucr/index.bs
Outdated
### Minimal Credential Disclosure ### {#uc-minimalcredentials1} | ||
|
||
To continue with the [[#uc-whopermitted]] example, Oscar now wants to | ||
view Alice's `resume` which is not publically accessible. To gain access, | ||
he needs to authenticate with the right credentials. Oscar does not want | ||
to try out each one of his credentials one by one until he gains access, | ||
as that would both be slow and allow Alice to connect his different personas. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
uc-minimalcredentials can be taken up independently of uc-whopermitted because uc-minimalcredentials' requirements can potentially disclose any specific set of agents, their class, or group. The example from uc-whopermitted should at most reveal what class of agents or groups can access - it strictly does not want to reveal individuals.
We can acknowledge uc-minimalcredentials, but needless to say, it doesn't entail that readable ACLs are required or even anything on the authorization layer. If this is truly about a shared understanding of what kind of credentials are acceptable, then it may be preferable to address this in a prior layer, and so not necessarily having to wire it up with WAC/ACLs. Consider the situation where a different Access Control mechanism is used. We'd still want to realise uc-minimalcredentials.
proposals/wac-ucr/index.bs
Outdated
@@ -802,6 +802,29 @@ For example, if the data Carol and Oscar saw in the resume was | |||
background, she wouldn't want them to know that they were only seeing | |||
a filtered view. | |||
|
|||
### Minimal Credential Disclosure ### {#uc-minimalcredentials} | |||
|
|||
To continue with the [[#uc-whopermitted]] example, Oscar now wants to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This references #uc-whopermitted, but it seems that it would make sense for this one to reference [[#capabilities-vc]], since those use cases are specifically related to authorization by verifiable credential.
proposals/wac-ucr/index.bs
Outdated
blogs have restrictions on who can post to avoid spam. Alice has direct | ||
access to many of them, but they don't all know her under the same | ||
identitfier. Some provide access via social network relationships, such | ||
as being the friend of a friend of the Blog's author. Alice would like to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree - this one feels more specific to a FoF than related to minimal credential disclosure. I think this should focus on the FoF case since the minimal disclosure is covered well in uc-minimalcredentials
I removed both use cases and written them as one new one that refers to the credentials section, emphasizing the multiple credentials use case and the need for minimal disclosure. So this use case is really completely rewritten. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
The ability to allow Minimal Credential Disclosure is an important aspect Authorization schemes.
A quick search gave me this paper:
https://link.springer.com/article/10.1007/s12394-009-0022-6